System Changes and Notifications

The communication of changes, and planned or unplanned system outages, is required by the certificate policies and the incident management process. Strong communication allows for planning and response and benefits the Federal PKI community as a whole. Planned changes of the these types require notifications two (2) weeks in advance:

Changes to Certificate Revocation List Distribution Points

Changes to Online Certificate Status Protocol (OCSP) endpoints

Introducing new URIs or retiring old URIs referenced in the Certificates profiles in use

Signing or revoking a Certificate Authority (CA) certificate

System outages - either through a planned maintenance activity or unplanned event - may also be posted on this page, and may trigger the Incident Management process.

To report a change or system outage not listed below, please email fpki@gsa.gov.

Notifications

Notice date: March 13, 2019

System: US Treasury

Type: Intent to Perform CA Certificate Issuance

Start Date and Time: June 29, 2019

Change Description: Treasury intends to re-key the Treasury OCIO CA (TOCA) on 6/29/2019. Certificates will be available following the key update at https://pki.treasury.gov.

Change Description: DigiCert will be moving the federal PKI shared service provider CAs (government) and other managed PKI to new data centers. The address ranges in the new data centers will be as follows - 216.168.245.0/24, 216.168.246.0/24, 216.168.248.0/24, and 216.168.249.0/24. Be prepared to update network configurations as necessary. This activity is planned to take place between 15:30 UTC, April 6, 2019 and 3:30 UTC, April 7, 2019. See https://knowledge.digicert.com/generalinformation/digicert-symantec-managed-pki-data-center-migration-information-.html for more information.

Change Description: Issuance of a new CA certificate from the Federal Common Policy CA to Digicert Federal SSP Intermediate CA - G5. This CA certificate is new but intended as a rekey for the Symantec SSP Intermediate CA – G4 CA certificate.

Change Description: A new IP address will be added to the IP range for the OCSP services. Federal agencies should review firewall rules and internet gateway whitelists and adjust any rules to encompass the new IP address. Users may experience sporadic PIV authentication errors to the federal networks if firewall rules or whitelists are blocking this new IP address. There are no changes to the URIs in the end entity certificates. Please email the contact to request the new IP address as needed.

Change Description: CerithPath Bridge intends to renew the cross certificates from the CertiPath Bridge G1 and G2 to Raytheon prior to the end of this month. No changes are being made to certificate policies or policy mappings.

Contact: support at certipath dot com

Notice date: June 7, 2018

System: Federal PKI Trust Infrastructure

Type: CA Certificate Issuance

Start Date and Time: June 7, 2018

Change Description: A new cross-certificate was issued from the Federal Bridge CA 2016 to the SAFE BioPharma Bridge CA 02

Change Description: The CA certificate for the issuing CA named Executive Office of the President CA-B8 will be revoked on August 25th and a long term CRL will be published. This CA is no longer active.